
When did federation become a blame game?

I have noticed a disturbing trend recently. A lot of vendors seem to have taken the position that as soon as their help desk finds out that there is federation with another vendor involved, they immediately toss it over the wall.

I have seen my company (Optimal IdM) have to spend a lot of time and resources helping customers when the vendor that really needs to solve the problem won’t do even the basic troubleshooting as soon as federation is involved.

So here is the question: is this because not enough support folks understand federation, or is it that they do but want to reduce their work queue and see a convenient scapegoat?

2011 in review

The stats helper monkeys prepared a 2011 annual report for this blog.


Here’s an excerpt:

A New York City subway train holds 1,200 people. This blog was viewed about 7,600 times in 2011. If it were a NYC subway train, it would take about 6 trips to carry that many people.


The new chapter in which I return to identity management.

The latest chapter of my career finds me back in the identity management business. I have joined OptimalIdM, a company founded by some great folks I worked with at OpenNetwork.

OptimalIdM’s main focus is their virtual directory product, VIS, but we also have federation products and other IdM plays.

The world’s first surveillance mascot

The London Olympic Games have unveiled the mascots for the 2012 games. All I can say is WOW. And I don’t mean that in a good way. I mean that in the creepy, ugly, panopticony way.

I suppose it is only appropriate that a country whose surveillance network causes the Chinese government to say “whoa, too much” should create an Olympic mascot that resembles a strange hybrid of the All Seeing Eye of Sauron and a Teletubby.

Ghost in the machine?

When the Toyota Sudden Acceleration Syndrome circus was in full swing I had a strong sense of déjà vu. We have been here before. What’s ridiculous is that the obvious answer is staring us in the face and we don’t want to accept it.

All modern cars have brakes that have far more stopping power than their engines can deliver. If you jam both the accelerator and the brake your car will stop (although I don’t recommend actually doing it).

So there are really two explanations here:

1) Some mysterious fault causes the brakes to fail while the accelerator suddenly engages. This fault is both unreproducible under lab conditions and undetectable after the incident.

2) The drivers are stepping on the wrong pedal.

Why is this important to you? The government is talking about requiring “smart brakes” on all new cars that would cut off the accelerator when depressed. Some cars apparently already have this feature.

But this won’t do anything to help the driver that is simply pressing the wrong pedal. If required for all cars, it will raise the price of your next car for a feature that you don’t really need.

Identity Apocalypse Now

Jonathan Sander of Quest has this to say about the coming identity apocalypse. Interesting stuff.

This got me thinking about a fascinating aspect of identity management in the ASP (and SaaS) space, and that is the delegated nature of identity. For example, my current employer CareMedic (now part of Ingenix) offers hosted services where authorization decisions are made based on the identity of the user. Since these are medical revenue cycle applications, the authorization decisions are covered by various regulations such as HIPAA.

But here is the interesting part. We don’t really need to verify that the identity we know is actually a specific person. We trust our customers (the health care service providers) to validate that the identities they provide us are properly vetted and they determine the roles that those identities fulfill.

And this is the fundamental trust issue pertaining to the identity providers that Jonathan Sander discusses. The entity with the financial stake must validate the real person behind the identity.

Beware of Greeks bearing gifts

Beware of Greeks bearing gifts, or schools issuing laptops. Of course this situation could be addressed by a simple application of electrical tape.

You have to wonder exactly what the school was thinking would happen. How do you not get sued when you do something so monumentally dumb?

When what you are taught isn’t true

I get a steady stream of indignant sputtering about this post on the metric system and what it means for authentication. One common point that readers make is that Celsius is better than Fahrenheit because it is based on natural law, defined as 100 degrees between the freezing and boiling point of water.

Only it isn’t, and hasn’t been for some time (at least not since 1954). While the freezing point and boiling point of water were precise enough in the 1700s, they are nowhere near precise enough to act as a standard. The reason is that no two samples of water will melt and freeze at the same temperature due to variations in water purity, air pressure, and humidity.

By international convention, the Celsius scale is defined by a range between absolute zero and the thermodynamic triple point of Vienna Standard Mean Ocean Water (VSMOW). This point, by the way, is 0.01 C. And VSMOW is not ocean water (despite its name), but rather is a carefully crafted lab concoction comprised of specially defined proportions of oxygen and hydrogen isotopes.

So while we are taught Celsius is defined by the freezing and boiling points of water, it is actually defined by absolute zero (which doesn’t exist in the natural world), and the triple point of a form of water that only exists in the lab.

Explain to me again, why is this less arbitrary than Fahrenheit?

And why is it still taught incorrectly in schools (at least in the US)?

Misplaced Blame

Bruce Schneier writes this, in which he lays the blame for the Chinese hack of Google on the US Government. His reasoning is that since Google put in a back door surveillance mechanism to enable the US to eavesdrop on Google users, it is then the US’s fault that Chinese hackers used that mechanism to hack Google accounts.

This is a little like me blaming my employer if I have an accident on the way to work.

While I agree that companies should not be making it easy for governments to spy on people, when legally required to do so it is also their responsibility to make sure that this is done in as secure a manner as possible.

Also note the interesting linguistic phrase that most journalists have used in this issue. The hacking of Google is usually described as being done by “Chinese hackers”. That’s not wrong, but it is missing the most important point. No one seriously believes that the attacks were not done at the behest of the Chinese government itself. That is a very important distinction.

Farewell to one of the best

It was with great sadness that I learned that Don Bowen was welcomed home on All Hallows’ Eve. I did not know Don well, but I knew him to be a man that was always friendly, with a happy enthusiasm that was a wonder to behold. To know Don was to instantly like him.

Don was open about his Faith in an industry that does not always welcome it. I always respected him for that.

Godspeed Don.